Last Call Review of draft-ietf-lamps-cert-binding-for-multi-auth-05
review-ietf-lamps-cert-binding-for-multi-auth-05-secdir-lc-kelly-2024-07-21-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

The summary of the review is ready.

This review is more than a month late, so I hope it is still useful.

From the abstract, This document defines a new CSR attribute,
relatedCertRequest, and a new X.509 certificate extension, RelatedCertificate. 
The use of the relatedCertRequest attribute in a CSR and the inclusion of the
RelatedCertificate extension in the resulting certificate together provide
additional assurance that two certificates each belong to the same end entity.
The document describes an example use case illustrating migration from classic
cert to a PQ certificate.

The security considerations section calls out the security considerations of
RFC 5280, and also discusses the potential for downgrade attacks and risks
relating to retrieval of the related cert. I see no additional security
considerations, and think the document is ready from a security perspective.